GAUSSIAN INTEGERS

HUNG HO

Abstract. We will investigate the ring of ”Gaussian integers” Z[i] = {a +

bi | a, b ∈ Z}. First we will show that this ring shares an important propertywith the ring of integers: every element can be factored into a product of

finitely many ”primes”. This result is the key to all the remaining concepts in

this paper, which includes the ring Z[i]/αZ[i], analogous statements of famoustheorems in Z, and quadratic reciprocity laws.

Contents

1. Principal Ideal Domain and Unique Prime Factorization 12. The ring Z[i] 63. Some Applications of Unique Prime Factorization in Z[i] 84. Congruence Classes in Z[i] 115. Some important theorems and results 136. Quadratic Reciprocity 18Acknowledgement 22References 22

1. Principal Ideal Domain and Unique Prime Factorization

Definition 1.1. A ring R is called an integral domain, or domain, if 1 6= 0 andwhenever a, b ∈ R and ab = 0, then either a = 0 or b = 0.

Example 1.2. Z, Q, R, C are all integral domains.

Example 1.3. The ring Z[i] = {a+ bi : a, b ∈ Z} is an integral domain.

Example 1.4. The ring Z/nZ is a domain if and only if n is a prime. This isbecause if n is not a prime then we can write n = ab where a, b ∈ Z \ {1} and thusab = 0 in Z/nZ. Conversely, if n is a prime then n divides ab if and only if n divideseither a or b, so a = 0 or b = 0 in Z/nZ.

Definition 1.5. An ideal I of a commutative ring R is principal if it is generatedby a single element a of R through multiplication by every element of R. In otherwords, I = Ra = {ra : r ∈ R}.It is common to denote the ideal generated by a as (a).

Example 1.6. The set of even integers is a principal ideal of Z generated by 2.

Definition 1.7. A principal ideal domain is a domain in which every ideal isprincipal.

1

2 HUNG HO

Definition 1.8. Let a, b be elements of the commutative ring R. If there existsx ∈ R such that a = bx then we say that b divides a, or a is divisible by b and writeb | a. b is called a divisor of a and a is a multiple of b.Elements a and b of an integral domain are associates if a | b and b | a. An elementu is a unit if u divides every element of R, or equivalently, u divides 1.

We can restate the above claims about divisibility and unit in terms of principalideals. From now on, we always assume R to be a commutative ring and an integraldomain.

Proposition 1.9. Let a, b ∈ R, then b divides a if and only if (a) ⊆ (b).

Proof. If b divides a, we write a = bx for some x ∈ R. Then for any y ∈ (a), wehave y = at for some t ∈ R, or y = bxt and thus y ∈ (b). Conversely, if (a) ⊆ (b),then obviously a ∈ (b) so a = bx for some x ∈ R, so b divides a. �

Corollary 1.10. An element u is a unit if and only if (u) = (1) = R.

Corollary 1.11. The following are equivalent:

(1) a and b are associates.(2) a = bu for some unit u.(3) (a) = (b).

Definition 1.12. An element p of the commutative ring R is called prime if p 6∈{0, 1} and whenever p divides ab for a, b ∈ R, then either p divides a or p divides b.

Definition 1.13. A non-zero non-unit element p in an integral domain is irreducibleif it is not the product of two non-zero units.

In the ring of integers Z, prime and irreducible elements are equivalent and arecalled interchangeably as prime numbers. In general, however, these two definitionsdo not coincide. For example, consider the ring Z

√−5 = {a + b

√−5 : a, b ∈ Z}.

It is easy to check that this ring is an integral domain (because it is a subset ofthe complex numbers). The element 2 is irreducible in Z

√−5 because if 2 = (a +

b√−5)(c+d

√−5), taking absolute value of both sides yields 4 = (a2+5b2)(c2+5d2).

This is only possible if b = d = 0, hence |ac| = 2, where a, c ∈ Z, so either |a| or |c|must be 1. Therefore either a+b

√−5 or c+d

√−5 is a unit in Z

√−5. On the other

hand, 2 is not a prime in Z√−5 since 2 divides 4 = (−1 +

√−5)(1 +

√−5) but 2

neither divides 1 +√−5 nor −1 +

√−5 (an integer divides a number a+ b

√−5 in

Z√−5 if and only if it divides both a and b).

The example above shows that in an integral domain, irreducible elements are notnecessarily primes, but what about the reverse statement? The following theoremaddresses this issue.

Theorem 1.14. If p is a prime element in an integral domain R, then p is irre-ducible.

Proof. Assume p 6= 0 is a prime but not irreducible in R, then there exists x, y ∈ Rthat are not units such that p = xy. Since p is a prime element, it follows thatp | x or p | y. Without loss of generality, suppose p | x, then x = pt for some t ∈ R.Thus, we can write p = pty. Since R is an integral domain and p 6= 0, we deducethat ty = 1, or y divides 1, so y is a unit, a contradiction. �

If R is a principal ideal domain, then the reverse direction is also true. However,before tackling this property, we need some more notions.

GAUSSIAN INTEGERS 3

Definition 1.15. Let a, b be two nonzero elements of R. An element d ∈ R iscalled a greatest common divisor of a and b if d is a divisor of both a and b, andany common divisor of a and b divides d.

Later on we will show that any two greatest common divisors of two elements areassociates of each other, hence from now on we will use the notation gcd(a, b) andthe term ”the greatest common divisor” to denote any of those associates. However,in a general integral domain, two elements need not have a greatest common divisor.In fact, a domain in which every two elements have a greatest common divisor iscalled a GCD domain. We will show that every principal ideal domain is also aGCD domain.For elements a1, a2, . . . , an ∈ R, we define (a1, a2, . . . , an) = Ra1+Ra2+. . .+Ran =

{n∑i=1

riai | ri ∈ R}. It is easy to see that (a1, a2, . . . , an) is also an ideal of R .

Theorem 1.16. Let R be a principal ideal domain and a, b be nonzero elements ofR. Then there exists d = gcd(a, b) and (a, b) = (d).

Proof. Let I = (a, b) be an ideal of R. Since R is a principal ideal domain, wehave I = (d) for some d ∈ R. Because (a), (b) ⊆ (a, b) = (d), we deduce that ddivides both a and b. Now let d′ be any common divisor of a and b and writea = d′a′, b = d′b′. Since d ∈ (a, b), we can also write d = au+ bv for some u, v ∈ R.Thus, we have d = d′(a′u + b′v), so d′ | d. Therefore, d is the greatest commondivisor of a and b. �

Two elements a and b may have more than one greatest common divisor. If d andd′ are both greatest common divisors of a and b, we can deduce from the definitionthat d | d′ and d′ | d. Hence, any two greatest common divisors are associates ofeach other. If gcd(a, b) = u, where u is a unit, then a and b are relatively prime. Itfollows from theorem 1.16 that if a and b are relatively prime, then (a, b) = R.

Corollary 1.17. Let a, b, c ∈ R and a | bc. If (a, b) = R, then a | c.

Proof. Since (a, b) = R, there exists x, y ∈ R such that ax+ by = 1. We have

bc = ak

⇒ ybc = yak

⇒ c(1− ax) = yak

⇒ c = a(cx+ yk).

Thus, a divides c. �

Corollary 1.18. If p is irreducible in a principal ideal domain R, then p is a primeelement.

Proof. Suppose p divides ab for some a, b ∈ R. Let pa = gcd(p, a). If pa is a unit,then p and a are relatively prime and we conclude from corollary 1.17 that p divdesb. If pa is not a unit, we write p = pau and since p is irreducible, it follows that uis a unit. So p and pa are associates, hence p divides a. �

From now on, we will not distinguish irreducible and prime elements.

Recall that every positive integer can be uniquely factored into a product ofprimes (we only consider positive primes). We want to prove a similar result in a

4 HUNG HO

principal ideal domain, that is, every element can be factored into product of primeelements. However, this factorization, provided it exists, may not be unique as wecan see via this simple example in Z: 4 = 2 · 2 = (−2) · (−2). But this examplealso shows that in Z, if a number can be factored into different products of primes,then we can find corresponding primes in these products that are associates of eachother (2 and -2 in the above example). Therefore, when talking about unique primefactorization in a general principal ideal domain, we understand that it is ”uniqueup to associates”.We will now go on to prove that every element in a principal ideal domain can befactored into irreducible (or prime) elements. The intuition is as followed. Givenany element a, if a is irreducible then we are done. If not, then we can writea = bc, where b, c are non-units. Now if either b or c is not irreducible, we proceedsimilarly to factor that element into another two elements. Eventually, if thisprocess terminates after finitely many steps, we have our desired factorization.However, if this process goes on forever, then we have a problem. We will provethat this cannot happen.

Proposition 1.19. Let a be a non-zero non-unit element of a principal ideal do-main R. Then a can be factored into a product of finitely many irreducible elements.

Proof. First we show that every non-zero non-unit element x has an irreducibledivisor. Assume otherwise, then obviously x is not irreducible itself, so we canwrite x = x1y1. Since x has no irreducible divisor, we can again factor x1 = x2y2,where x2, y2 are also not irreducible. Proceed inductively, we have two infinitesequences of (xn) and (yn) in R such that all of the terms are not irreducible andxn−1 = xnyn. Thus, (x1) ( (x2) ( . . . (the strict subset sign is due to the fact thatyn is not irreducible for all n, so an is not an associate of an−1).

Now let I =∞⋃n=1

. We claim that I is an ideal of R. Indeed, it is obvious that (I,+)

is a subgroup of (R,+). For any t ∈ I, r ∈ R, since t belongs to (xi) for some i, sodoes rt, hence rt ∈ I. Thus, I is an ideal and we deduce from the fact that R is aprincipal ideal domain that I = (b) for some b ∈ R. Since xn ∈ (b) = I, we have bdivides xn for all n. On the other hand, b ∈ (xk) for some k, or xk divides b. Hence,b and xk are associates. But then this implies that xk divides xk+1, which implies(xk+1) ⊆ (xk) ( (xk+1), a contradiction. So every non-zero non-unit element hasan irreducible divisor.Now consider an arbitrary non-zero non-unit a ∈ R. If a is irreducible, we are done.If not, we can factor a = a1b1, where a1 is irreducible. Since a is not irreducible,b1 is not a unit (otherwise a and a1 are associates), hence b1 has an irreducibledivisor a2. We write b1 = a2b2, and apply the same argument for b2. Proceedinductively, if bn is not a unit, we factor it into an+1bn+1, where an+1 is irreducible.Eventually, if we stop at some N0 where bN0

is a unit, then bN0−1 is irreducibleand a = a1a2 . . . aN0−1bN0−1 is our desired factorization. Otherwise, if we do notstop at some N0, then we have an infinite sequence of ideals (b1), (b2), . . . such that(b1) ( (b2) ( . . . (an is non-unit for all n so bn−1 and bn are not associates). Nowrepeat the proof as above, we have a contradiction, so we must stop after finitelymany steps, and thus a can be factored into a product of irreducible elements. �

GAUSSIAN INTEGERS 5

Now we know that any non-zero non-unit element can be factored into a productof irreducibles. To prove that his factorization is unique up to associates, we needthe following simple lemma.

Lemma 1.20. Let a, b be two irreducible elements of a principal ideal domain R.Then a and b are relatively prime if and only if they are not associates.

Proof. The forward direction is obvious because two associates divide each other.For the reverse direction, assume a and b are not relatively prime, let d be theirgreatest common divisor. Write a = da′ and b = db′. Since a and b are irreduciblesand d is not a unit, it follows that a′ and b′ are units. Thus, d is an associate ofboth a and b, so a and b are associates, a contradiction. �

From now on, if a and b are not associates, we say that a and b are distinct.

Theorem 1.21. Let a be a non-zero element of a PID R. Then we can write

a = u

k∏i=1

pαii ,

where u is a unit, pi’s are pairwise distinct irreducibles that are unique up to asso-ciates, and the exponents αi’s are uniquely determined.

Proof. The existence of such factorization follows from proposition 1.19. Now as-

sume that we have two factorizations a = uk∏i=1

pαii = vl∏i=1

qβii . For each i =

1, 2, . . . , k, pi dividesl∏i=1

qβii , so from lemma 1.20 and corollary 1.18, there must

exists j ∈ {1, 2, . . . , l} such that qj and pi are associates. Thus, we can map eachpi to its associate qj , and apparently this is a one-to-one map because two distinctirreducibles have distinct associates. But we can also repeat the argument anddeduce that for any qj , there exists a corresponding associate pi, hence our map isan isomorphism. Therefore, k = l, and Without loss of generality, we can assumethat pi and qi are associates for i = 1, 2, . . . , k.It remains to show that αi = βi for every i. Assume otherwise and without lossof generality, there exists i0 such that αi0 > βi0 . Since R is an integral domain,

we deduce that u∏i 6=i0

pαii pαi0−βi0i0

= v∏i 6=i0

qβii , so pi0 divides qj for some j 6= i0, a

contradiction. Therefore, αi = βi for all i, and thus the theorem is proven. �

Definition 1.22. An Euclidean domain R is an integral domain equipped with afunction f from R \{0} to {0, 1, 2, . . . , } such that if a, b ∈ R and b is nonzero, thenwe can write a = bq + r for q ∈ R, and either r = 0 or f(r) < f(b).

The main reason to define Euclidean domain is the following proposition.

Proposition 1.23. Assume R be an Euclidean domain. Then R is a principalideal domain.

Proof. Let I be an ideal of R, we shall prove that there exists a ∈ R such thatI = Ra. Indeed, let a be a nonzero element of I such that f(a) is minimum (theexistence of such element follows from the fact that the function f takes values onthe set of non-negative integers). Now, consider any b ∈ I, we can write b = aq+ rwith q, r ∈ R. Since f(a) is minimum, we cannot have f(r) < f(a), so for all b ∈ I,

6 HUNG HO

b = aq for some q ∈ R and thus I ⊆ Ra. On the other hand, obviously Ra ⊆ Ibecause I is an ideal. Hence, I = Ra. �

Proposition 1.23 is important because we may show a ring R is a PID by firstproving it is an Euclidean domain. We will conclude the first section with animportant result: the Chinese remainder theorem.

Definition 1.24. Two ideals I and J are coprime if there exists i ∈ I and j ∈ Jsuch that i+ j = 1.

Remarks 1.25. By theorem 1.16, we know that in a principal ideal domain R, twoideals (a) and (b) are coprime if and only if a and b are relatively prime.

Theorem 1.26. Let I1, I2, . . . , Ik be ideals of a ring R that are pairwise coprime.

Denote I =k⋂i=1

Ii. We have the isomorphism

R/I → R/I1 × . . .×R/Ikx+ I → (x+ I1, . . . , x+ Ik).

Proof. It suffices to prove for k = 2, as the general case can be proved similarlyusing induction. We want to show that for any x1, x2 ∈ R one can find x ∈ I suchthat x ≡ x1 mod I1 and x ≡ x2 mod I2. Since I1 and I2 are coprime, there existsy1 ∈ I1 and y2 ∈ I2 such that −y1 + y2 = x1 − x2. Let z = y1 + x1 = y2 + x2, thenapparently z ∈ R and z − x1 ∈ I1, z − x2 ∈ I2. Thus z ≡ x1 mod I1 and z ≡ x2mod I2. �

2. The ring Z[i]

Most of this paper is devoted to reproduce many well-known concepts and resultsfrom Z in the ring Z[i] = {a+ bi | a, b ∈ Z}. First and foremost, we will show thatZ[i] is a principal ideal domain and thus inherits the unique prime factorizationproperty.

Proposition 2.1. Z[i] is a Euclidean domain.

Proof. For each α = a + bi ∈ Z[i] \ {0}, we define f(α) = αα = a2 + b2. Take anarbitrary β = c + di ∈ Z[i], we will show that β = αγ + θ for γ ∈ Z[i] and eitherθ = 0 or f(θ) < f(α).

Indeed, let βα = r+ si, where r, s ∈ Q. Let k be the closest integer to r and l be the

closest integer to s, i.e. |k−r| ≤ 12 and |l−s| ≤ 1

2 . Let γ = k+li,m = r−k, n = s−land θ = (a+ bi)(m+ ni), we have:

c+ di = (a+ bi)(r + si)

= (a+ bi)(k + li) + (a+ bi)(m+ ni)

⇒ β = αγ + θ.

If θ = 0 then β = αγ, as desired. Otherwise, we have f(θ) = θθ = (a2 + b2)(m2 +n2) ≤ (a2 + b2)( 1

4 + 14 ) < f(α).

Thus, Z[i] is a Euclidean domain with the function f defined as f(α) = αα. �

Proposition 2.1 is fundamental to the study of the ring Z[i] as we can relatemany results and properties in Z[i] to their counterparts in Z. However, after weproved that Z[i] is a unique prime factorization domain, a natural question arises:

GAUSSIAN INTEGERS 7

”What are primes in Z[i]?. Primes in Z[i] may have some similarities with primesin Z but apparently they are not the same, as we can see, for instance, that 5 is aprime in Z but not a prime in Z[i] because 5 = (2− i)(2 + i).

Lemma 2.2. Let p = 4k+ 1 be a positive prime, then (p−12 )!2 + 1 is divisible by p.

Proof. Since for any x ∈ {0, 1, . . . , 2k}, x ≡ (−1)(p− x) mod p, it follows that

(p− 1

2)! ≡ (−1)2k(p− 1)(p− 2) . . .

(p+ 1)

2mod p.

Hence (p−12 )!2 ≡ (p − 1)! ≡ −1 mod p (the second congruence is due to Wilson’stheorem). �

Lemma 2.3. Let p = 4k + 3 be a positive prime and a, b ∈ N such that a2 + b2 isdivisible by p. Then both a and b are divisible by p.

Proof. We have

a2 ≡ −b2 mod p

⇒ a2(2k+1) ≡ (−b2)(2k+1) mod p

⇒ ap−1 ≡ −bp−1 mod p.

Now if a is not divisible by p, so is b because a2 + b2 is divisible by p. But thenby the Fermat’s little theorem, ap−1 ≡ bp−1 ≡ 1 mod p. Thus, by the abovecongruence equations, it follows that 2ap−1 is divisible by p, or a is divisible by p,a contradiction. Thus both a and b are divisible by p. �

Corollary 2.4. Let p be a prime in Z, then there exists x ∈ Z such that x2 + 1 isdivisible by p if and only if |p| = 4k + 1.

Theorem 2.5. A Gaussian integer α = a + bi is a prime if and only if it falls inone of the following categories:

(1) a = 0 and |b| is a prime number of the form 4k + 3.(2) b = 0 and |a| is a prime number of the form 4k + 3.(3) a2 + b2 is a prime number.

Proof. First, we prove that all Gaussian integers described in (1), (2), (3) are prime.

(1) We will prove for the case b > 0, the case b < 0 is proved similarly. Letb = 4k + 3 (k ≥ 0) be a prime and assume α is not a prime in Z[i]. Thenwe can write bi = (u + vi)(x + yi), where u + vi and x + yi are not units.We deduce that b2 = (u2 + v2)(x2 + y2). Since b is a prime, either u2 + v2

or x2 + y2 is divisible by b. Without loss of generality, assume u2 + v2 isdivisible by b. Now because b = 4k + 3, it follows from lemma 2.3 thatboth u and v are divisible by b. But then both u2 and v2 are divisible byb2, and thus u2 + v2 ≥ b2. Now we can conclude from x2 + y2 > 1 that(u2 + v2)(x2 + y2) > b2, a contradiction. Hence α is a prime.

(2) The proof is similar to that of (1).

8 HUNG HO

(3) Assume that α is not a prime, then by similar argument we can writea + bi = (u + vi)(x + yi), where u2 + v2 and x2 + y2 are both greaterthan 1. We also have a2 + b2 = (u2 + v2)(x2 + y2), which implies that(u2 + v2)(x2 + y2) is a prime number. However, this is impossible becausethe product of two numbers greater than 1 can never be a prime numberin Z, thus α must be a prime in Z[i].

Conversely, we prove that every prime element of Z[i] belongs to one of the abovethree categories. Observe that α = a+ bi is a prime in Z[i] if and only if α = a− biis also a prime in Z[i] (because a+ bi = (u+ vi)(x+ yi)⇔ a− bi = (u− vi)(x− yi),where u2 + v2 and x2 + y2 are both greater than 1). Also, it is obvious that ifboth a and b are nonzero, they must be relatively prime in Z[i]. Now we look atq = a2 + b2 = (a+ bi)(a− bi). Consider the following cases:

(a) q is even.We have (a + bi)(a − bi) is divisible by 2 = (1 + i)(1 − i). Note that both1 + i and 1 − i are primes due to our proof for (3) above. So either a + bi ora − bi is divisible by 1 + i, and because they are all primes in Z[i], we musthave a + bi = u(1 + i), where u is a unit. Thus, a − bi = u(1 − i) and finallya2 + b2 = 2, which is a prime. So α falls in category 3.

(b) q has a prime divisor p with absolute value of the form 4k + 3.Then by lemma 2.3, both a and b are divisible by p and thus, a2 +b2 is divisibleby p2 (in both Z and Z[i]). Since both a+ bi and a− bi are primes in Z[i], eachof them cannot be divisible by p2, so we deduce that both a+ bi and a− bi aredivisible by p. However, this implies that their sum 2a, and their difference 2bi,are also divisible by p in Z[i]. Since 2 and p are relatively prime in Z[i] becausep = 4k+ 3, it follows that both a and b are divisible by p. This is impossible ifa and b are coprime, so one of them must be zero. If a = 0, let b = pk, then forα = pki to be a prime in Z[i], |k| must be equal to 1, hence α is in category 1.Similarly, if b = 0 then we can also deduce that α is in category 2.

(c) All prime divisors of q have absolute values of the form 4k + 1.First we show that if |p| is a prime in Z of the form 4k + 1, then p is not aprime in Z[i]. Indeed, assume othrewise, p is also a prime in Z[i]. according tocorollary 2.4, there exists x ∈ Z such that p | x2 + 1 = (x+ i)(x− i). Since p isa prime, it follows that either x + i or x − i is divisible by p in Z[i]. Withoutloss of generality, assume x + i = p(r + si), then we deduce that 1 = ps, acontradiction, hence p is not a prime in Z[i].Now assume for the sake of contradiction that q is not a prime itself, then thereexist primes p1, p2 in Z (p1 and p2 are not necessarily distinct) such that q isdivisible by p1p2. Because both p1 and p2 are of the form 4k+ 1 and hence arenot primes in Z[i], we know that p1p2 is a product of at least four primes inZ[i]. This is impossible because p1p2 divides (a+bi)(a−bi), which is a productof two primes. Therefore, q = a2 + b2 is a prime in Z.

�

3. Some Applications of Unique Prime Factorization in Z[i]

An important corollary of theorem 2.5 is the following theorem that characterizethe necessary and sufficient condition to express a prime as a sum of two squaresin N.

GAUSSIAN INTEGERS 9

Theorem 3.1. A prime p ∈ N can be expressed as a sum of two squares if andonly if p = 2 or p = 4k + 1.

Proof. By lemma 2.3, we know that if p = 4k + 3 then p cannot be expressed as asum of two squares. Now it remains to show that every prime p of the form 4k+ 1can be written as p = a2 +b2. Now from theorem 2.5 we know that p is not a primein Z[i], so p has a prime divisor a + bi in Z[i]. Write p = (a + bi)(c + di) then wededuce that ac− bd = p and ad = −bc. Since a+ bi is a Gaussian prime, we musthave gcd(a, b) = 1, so from the latter equation we deduce that a | c and b | d. Writec = ax and d = by, then because ad = −bc we have x = −y, so c+ di = x(a− bi).This implies that p = x(a+ bi)(a− bi) = x(a2 + b2), and thus x = 1 because p is aprime. We conclude that there exists a, b such that p = a2 + b2. �

Proposition 3.2. Let α = a + bi be a Gaussian integer, where a, b ∈ Z \ {0} arerelatively prime in Z. Suppose n is an integer, then n is divisible by α in Z[i] ifand only if n is divisible by N(α) in Z.

Proof. The reverse direction is obvious because α | N(α). For the forward direction,assume n = (a + bi)(c + di), then after expanding we deduce that ad = −bc. Butsince gcd(a, b) = 1, it follows that a | c and b | d. Write c = ax and d = by, wherex, y ∈ Z, then from ad = −bc we have x = −y. Therefore,

n = x(a+ bi)(a− bi) = x(a2 + b2).

From this we conclude that n is divisible by N(α) in Z. �

Example 3.3. Solve the equations y3 − 1 = x2 in Z.

Solution. First observe that if x is odd then x2 ≡ 1 mod 4, so x2 + 1 is divisibleby 2 but not divisible by 4. However, because then y must be even, y3 = x2 + 1 isdivisible by 8, a contradiction. Therefore, x is even and y is odd.We have y3 = x2 + 1 = (x+ i)(x− i). We claim that x+ i and x− i are coprime.Indeed, if they have a common prime divisor p in Z[i], then p divides their difference2i, so p is either 1 + i or 1− i. But then because p divides y, by proposition 3.2 wededuce that y is divisible by 2, a contradiction. Hence, x+yi and x−yi are coprime,so each of them must be a cube of a Gaussian integer times a unit. However, observethat Z[i] has four units 1,−1, i,−i and each of them itself is a cube of anotherGaussian integer. To be specific, 1 = 13,−1 = (−1)3, i = (−i)3, (−i) = i3. Hencewe can assume that both x+yi and x−yi are cubes of Gaussian integers. We have:

x+ i = (a+ bi)3

⇒ 3a2b− b3 = 1

⇒ b(3a2 − b2) = 1.

From this we deduce that |b| = 1 ⇒ |3a2 − 1| = 1 ⇒ a = 0 ⇒ b = −1. Thusx+ i = i, or x = 0, y = 1. �

Example 3.4. Let n be a positive integer. Find the numbers of solution (x, y) ∈ Z2

of the following equationx2 + y2 = n.

Solution. For a prime p and positive integers α, n, we write pα||n if pα divides nand pα+1 does not divide n. Consider two cases:

10 HUNG HO

(a) n is odd.Let n = pα1

1 . . . pαkk , where pj are distinct odd primes. By lemma 2.3 we candeduce that if pα || n where p is of the form 4k + 3, then in order for theequation to have solution in Z, we must have α = 2β and pβ || x, y. Therefore,we can assume that pj ≡ 1 mod 4 for all 1 ≤ j ≤ k. By theorem 3.1, we canwrite pj = (aj + bji)(aj − bji), where aj + bji and aj − bji are Gaussian primesfor all j. Now rewrite our equation as

(x+ yi)(x− yi) =

k∏j=1

(aj + bji)αj (aj − bji)αj .

Because aj + bji and aj − bji are primes in Z[i], we deduce this representation

x+ yi = isk∏j=1

(aj + bji)βj (aj − bji)γj ,

where s ∈ {0, 1, 2, 3}, βj , γj ∈ {0, . . . , αj} ∀ j = 1, . . . , k.Taking conjugates of both sides, we have

(x− yi) = i4−sk∏j=1

(aj − bji)βj (aj + bji)γj ,

and thus we deduce that βj + γj = αj for all j. Since x − yi is uniquelydetermined if we know x + yi, it suffices to find all possible (k + 1)-tuples of(s, β1, . . . , βk) such that

x+ yi = isk∏j=1

(aj + bji)βj (aj − bji)αj−βj .

However, the only condition required is that s ∈ {0, 1, 2, 3} and βj ∈ {0, . . . , αj} ∀ j.Thus, the total number of the desired (k + 1)-tuples, which is also the numberof solutions to the equation, is 4(α1 + 1) . . . (αk + 1).

(b) n is even.Let n = 2αpα1

1 . . . pαkk , where pj are distinct odd primes. By similar argumentas in the case n odd, we may assume pj are all of the form 4k+1. Denote v2(x)as the largest number m such that 2m divides x, and v2(y) is defined similarly.If v2(x) 6= v2(y) then clearly α = v2(n) = min{2v2(x), 2v2(y)} = 2β. Letx0 = x

2β, y0 = y

2β, n0 = n

2α and consider the equation x20 + y20 = n0. Since n0is odd, we repeat the proof for the first case and conclude that the number ofsolutions is 4(α1 + 1) . . . (αk + 1).If v2(x) = v2(y) = β then obviously α ≥ 2β. Again let x0 = x

2β, y0 = y

2β, n0 =

n22β

, our equation becomes

x20 + y20 = 2α−2βn0.

Since the sum of two odd squares is even but not divisible by 4, we deduce thatα− 2β = 1. Now proceed similarly as in case 1, write pj = (aj + bji)(aj − bji)and 2 = (1 + i)(1− i), we deduce this representation

x+ yi = is(1 + i)t(1− i)1−tk∏j=1

(aj + bji)βj (aj − bji)αj−βj .

GAUSSIAN INTEGERS 11

where s ∈ {0, 1, 2, 3}, t ∈ {0, 1} and βj ∈ {0, 1, . . . , αj} ∀ j. The number ofsolutions is therefore 8(α1 + 1) . . . (αk + 1).

�

4. Congruence Classes in Z[i]

In the ring of integers Z, the congruence class modulo m of an integer n ∈ Z isthe set [n]m = {x ∈ Z | x ≡ n mod m}. The set of all congruence classes for amodulus m forms the ring Z/nZ, which is also known as the ring of integers mod-ulo n. In this section, we will study the analogue of Z/nZ in the ring Z[i]. Whenn 6= 0, Z/nZ is usually defined as Z/nZ = {[0], [1], . . . , [n− 1]}. However, it is notso trivial to define the elements of Z[i]/αZ[i] for an arbitrary α ∈ Z[i].From now on, we shall denote αZ[i] by Iα, the ideal generated by α. Our firstobservation is that Z[i]/Iα is a finite ring. That is because from the proof of propo-sition 2.1, we know that for every β ∈ Z[i], there exists β∗ such that |β∗| < |α| andβ ≡ β∗ mod α. Thus, Z[i]/Iα ⊆ {x ∈ Z[i] | |x| < |α|}. Since the latter is a finiteset, we deduce that Z[i]/Iα is finite for a given α. We will denote the order (thenumber of elements) of Z[i]/Iα by n(Iα).

Lemma 4.1. Let α, β be non-zero elements of Z[i], then n(IαIβ) = n(Iα)n(Iβ).

Proof. First note that IαIβ = Iαβ . That is because for any n ≥ 0, αβ |n∑i=0

xiyi for

xi’s ∈ Iα and yi’s ∈ Iβ , so IαIβ ⊆ Iαβ . Conversely, any t ∈ Iαβ can be written ast = αβs, with α ∈ Iα and βs ∈ Iβ , so Iαβ ⊆ IαIβ . Thus IαIβ = Iαβ .Now assume Z[i]/Iα = {[α1], . . . , [αk]} and Z[i]/Iβ = {[β1], . . . , [βl]}, where k =n(Iα) and l = n(Iβ). Consider the set S consisting of all elements of the formαiβ + βj , where 1 ≤ i ≤ k and 1 ≤ j ≤ l. We have |S| = kl, so it suffices to showthat S is a complete residue system modulo αβ. Indeed, for any x ∈ Z[i], we canwrite

x = αβq + r.

where |r| < |αβ|. There exists j0 ∈ {1, . . . , l} such that r ≡ βj0 mod β, so we canwrite r = βr0 + βj0 . Hence.

x = αβq + βr0 + βj0 = β(αq + r0) + βj0 .

Again, there exists i0 ∈ {1, . . . , k} such that r0 ≡ αi0 mod α, thus r0 = αr1 + αi0 .Finally, we have this expression

x = β(αq + αr1 + αi0) + βj0 = αβ(q + r1) + αi0β + βj0 .

From this we deduce that for any x ∈ Z[i], there exists αi0β + βj0 ∈ S such thatx ≡ αi0β + βj0 mod αβ. It remains to show that for u, v ∈ S, we have u ≡ vmod αβ if and only if u = v. Assume otherwise, there exists i1, i2 ∈ {1, . . . , k} andj1, j2 ∈ {1, . . . , l} such that

αi1β + βj1 ≡ αi2β + βj2 mod αβ

This implies that β | βj1−βj2 , which yields j1 = j2. But then, we have αβ | β(αi1−αi2), which is equivalent to α | αi1 −αi2 , or i1 = i2. Hence, S is a complete residuesystem modulo αβ, so n(IαIβ) = kl = n(Iα)n(Iβ). �

12 HUNG HO

For any ideal Iα, denote Iα = {a − bi | a + bi ∈ Iα}. It is easy to checkthat Iα is also an ideal of Z[i], and we call it the conjugate ideal of Iα. Also, forα = a+ bi ∈ Z[i], we shall denote N(α) as the ”norm” of α, i.e. N(α) = a2 + b2.

Lemma 4.2. The product ideal I = IαIα is the ideal generated by N(α).

Proof. We already proved IαIβ = Iαβ for non-zero α, β in the proof of lemma 4.1.

So it suffices to show that Iα = Iα. We have

x ∈ Iα⇔ x ∈ Iα⇔ x = αy

⇔ x = αy

⇔ x ∈ Iα.

Thus, x ∈ Iα if and only if x ∈ Iα, which shows that Iα = Iα. Hence, IαIα =Iαα = (N(α)). �

Lemma 4.3. n(Iα) = n(Iα).

Proof. Let Z[i]/Iα = {[α1], . . . , [αk]} and consider S = {α1, . . . , αk}, we shall provethat Z[i]/Iα = {[α1], . . . , [αk]}. Indeed, it suffices to show that S is a completeresidue system modulo α. Clearly, for distinct αi, αj ∈ S, we cannot have αi ≡ αjmod α, otherwise α | αi − αj , so α | αi − αj , or αi ≡ αj mod α, a contradiction.Moreover, for any x ∈ Z[i], there exists αk such that x ≡ αk mod α, hence x ≡ αkmod α. Therefore, we conclude that S is a complete residue system modulo α, soZ[i]/Iα = {[α1], . . . , [αk]}. Thus, n(Iα) = n(Iα) = n(Iα). �

Proposition 4.4. n(Iα) = N(α).

Before tackling this problem, we need some additional lemmas. However, firstobserve that from lemma 4.1, 4.2 and 4.3, we deduce that n(Iα)2 = n(Iα)n(Iα) =n(Iαα). So it remains to show that n(Iαα) = N(α)2, i.e.we just have to proveproposition 4.4 for the case α ∈ Z.

Lemma 4.5. Let α ∈ Z and β = a+ bi ∈ Z[i], then α divides β in Z[i] if and onlyif α divides both a and b in Z.

Proof. The reverse direction is trivial. For the forward direction, assume that α | β,then we can write β = a + bi = α(c + di), where c, d ∈ Z. This is only possible ifa = αc and b = αd, so α divides both a and b in Z. �

Given α ∈ Z, we need to show that n(Iα) = α2. This can be accomplished byfinding α2 elements of Z[i] that form a complete residue system modulo α. Assumewe have found our desired set Sα = {αj = aj +bji | 1 ≤ j ≤ α2}. By lemma 4.5, wehave αk ≡ αl mod α if and only if ak ≡ al and bk ≡ bl mod α. This observationleads to the following result.

Lemma 4.6. Let α ∈ Z, then Sα = {a+bi | 0 ≤ a, b ≤ α−1} is a complete residuesystem modulo α.

Proof. It follows immediately from lemma 4.5 that for x 6= y ∈ Sα, we cannot havex ≡ y mod α. Now consider any z = p + qi ∈ Z[i]. Since α ∈ Z, there exists p0and q0 in {0, 1, . . . , α − 1} such that p ≡ p0 and q ≡ q0 mod α. Then obviously

GAUSSIAN INTEGERS 13

z ≡ p0 + q0i mod α, where p0 + q0i ∈ Sα. From this we conclude that Sα is acomplete residue system modulo α. �

Corollary 4.7. Let α ∈ Z, then n(Iα) = α2 = N(α).

Proposition 4.4 follows from lemma 4.1, 4.2, 4.3 and corollary 4.7.

Lemma 4.6 allows us to precisely define Z[i]/Iα for α ∈ Z, but what aboutα ∈ Z[i] in general? Assume α = a + bi, can we have a complete residue systemmodulo α consisting entirely of integers, namely 0, 1, . . . , a2 + b2 − 1? Proposition3.2 and proposition 4.4 answer this question.

Corollary 4.8. Let α = a + bi be a Gaussian integer, where a, b ∈ Z \ {0} arerelatively prime in Z. Then Z[i]/Iα = {[0], [1], . . . , [a2 + b2 − 1]}.

Now we are ready to describe Z[i]/Iα for an arbitrary α ∈ Z[i].

Proposition 4.9. Let α = a + bi ∈ Z[i] \ {0}. Assume gcd(a, b) = d in Z anda = da0, b = db0, then Sα = {x + yi | 0 ≤ x ≤ d(a20 + b20) − 1, 0 ≤ y ≤ d − 1} is acomplete residue system modulo α in Z[i].

Proof. Note that |Sα| = a2 + b2, so by proposition 4.4 we just need to check thatfor β, γ ∈ Sα, β ≡ γ mod α if and only if β = γ. Assume there exists β, γ ∈ Sαsuch that β ≡ γ mod α. Let β = p + qi and γ = r + si, we have d | β − γ, so bylemma 4.5, d | p − r and d | q − s. However, since 0 ≤ q, s ≤ d − 1, it follows thatq = s.Now we also have a0 + b0i | β − γ = p− r, and since a0, b0 are relatively prime, wededuce from proposition 3.2 that a20 + b20 | p− r. Write p− r = s(a20 + b20), then wehave

α | p− rd(a0 + b0i) | s(a20 + b20)

⇒ d | s(a0 − b0i).Again, by lemma 4.5 we deduce that d divides both sa0 and sb0. Suppose that sis not divisible by d in Z. Then there must exists a prime p in Z and a positiveinteger m such that pm | d but pm 6 | s. However, since d divides both sa0 and sb0,it follows that both a0 and b0 is divisible by p, a contradiction because a0 and b0are relatively prime. Therefore, d | s, so d(a20 + b20) | s(a20 + b20) = p − r. Now usethe fact that 0 ≤ p, r ≤ d(a20 + b20)− 1, we conclude that p = r. Thus, β = γ, or Sαis a complete residue system modulo α. �

5. Some important theorems and results

In this section, we shall prove the analogues of some famous theorems and resultsof Z for the ring Z[i]. Firstly, recall the Euler’s totient function ϕ(n) of a positiveinteger n is the number of integers in {1, 2, . . . , n−1} that are relatively prime withn. In other words, ϕ(n) is the number of elements of (Z/nZ)×. We will now findthe formula for the Euler’s totient function of a Gaussian integer α, which denotesthe number of elements of (Z[i]/Iα)×. Recall from theorem 2.5 that there are threetypes of prime: the splitting primes a+ bi and a− bi where a2 + b2 is a prime of theform 4k + 1, the inert primes p where p = 4k + 3 and the ramified primes (1 + i)and (1− i). We will call them type 1,2,3 respectively.

14 HUNG HO

Theorem 5.1. Let α be a Gaussian integer, then

ϕ(α) = N(α)∏

η | αη prime

(1− 1

N(η)

).

Proof. Observe that from the Chinese remainder theorem, for α, β ∈ Z[i] that arerelatively prime, we have ϕ(αβ) = ϕ(α)ϕ(β). Therefore, we only need to find theformula for ϕ(αk), where α is a Gaussian prime. Also note that two associates havethe same Euler’s totient function. Consider three cases:

(a) α = a+ bi is a prime of type 1.

Let p = a2 + b2 be a prime in Z and αk = (a + bi)k = c + di. We claim thatgcd(c, d) = 1. Indeed, assume q ∈ Z is a common prime divisor of c and d,then q divides αk in Z[i]. Let q∗ ∈ Z[i] be a prime divisor of q, then because αis a prime, it follows that q ∗ | α. This means that q∗ is an associate of α, soby proposition 3.2, we deduce that p divides both c and d. But then p | αk, ora− bi | (a+ bi)k, a contradiction because a− bi and a+ bi are relatively prime.So gcd(c, d) = 1, hence from corollary 4.8, Sαk = {0, 1, . . . , c2 + d2 − 1} is acomplete residue system modulo αk. We will need to find all elements in Sαkthat are divisible by α. However, again by proposition 3.2, x ∈ Sαk is divisibleby α if and only if x is divisible by p. Hence, we only need to find the number ofelements divisible by p in {0, 1, . . . , pk−1} (note that c2+d2 = (a2+b2)k). Thereare pk−1 such numbers, so we deduce that ϕ(αk) = pk−pk−1 = N(αk)(1− 1

N(α) ).

(b) α is a prime of type 2.Without loss of generality, assume α ∈ Z. By proposition ??, we know thatSαk = {x + yi | 0 ≤ x, y ≤ αk − 1} is a complete residue system moduloα. We will need to find all elements divisible by α in Sαk , which by lemma4.5 are elements x + yi such that both x and y are divisible by α. Sincex, y ∈ {0, 1, . . . , αk − 1}, there are α2(k−1) such elements. Thus, ϕ(αk) =α2k − α2(k−1) = N(αk)(1− 1

N(α) ).

(c) α = 1 + iFirst we show that β = a+ bi ∈ Z[i] is divisible by 1 + i if and only if 2 | a+ b.Indeed, for the forward direction, let a + bi = (1 + i)(c + di), then we deducethat a = c − d and b = c + d and apparently a + b = 2c, an even number.Conversely, suppose a+ b is even, then so is a− b. Write α = b(1 + i) + a− b,then since 1 + i | 2 | a− b, it follows immediately that 1 + i | α.Now a simple induction shows that (1+i)2k = 2kik and (1+i)2k+1 = 2kik(1+i).For the first case, we know that all elements x+yi where 0 ≤ x, y ≤ 2k−1 form acomplete residue system modulo (1+ i)2k. There are 2 ·22k−2 = 22k−1 elementsamong these such that x+y is odd, which are also the elements relatively primeto (1 + i). Hence ϕ(α2k) = 22k−1. For the latter case, the complete residuesystem modulo (1 + i)2k+1 is S = {x+ yi | 0 ≤ x ≤ 2k+1 − 1, 0 ≤ y ≤ 2k − 1}.There are 2 · 2k · 2k−1 = 22k elements x+ yi of S such that x+ y is odd, henceϕ(α2k+1) = 22k. We conclude that ϕ(αk) = 2k−1 = N(αk)(1− 1

N(α) ).

From the three cases above, we conclude that for any α ∈ Z[i],

ϕ(α) = N(α)∏

η | αη prime

(1− 1

N(η)

).

GAUSSIAN INTEGERS 15

�

We proved that every element of Z[i] can be factored into a product of finiteirreducible elements and that this factorization is unique up to associates. It iseasy to see that every prime α ∈ Z[i] has four associates including itself: α,−α, iαand −iα. For convenience, we introduce the following definition of primary prime.

Definition 5.2. A prime α ∈ Z[i] is called primary if

α ≡ 1 mod (1 + i)3.

Proposition 5.3. Every prime of type 1 or type 2 is associated to a unique primaryprime.

Proof. Let α = a+ bi be a prime of type 1 or type 2. It suffices to show that thereexists a unique primary prime in Aα = {a+bi,−a−bi,−b+ai, b−ai}. First observethat β = (1+ i)3 = −2(1− i), hence by theorem 5.1, we know that |(Z[i]/Iβ)×| = 4.Obviously α is relatively prime to β, so Aα ⊆ (Z[i]/Iβ)×. Therefore, if there doesnot exist x ∈ Aα such that x ≡ 1 mod β, then since |Aα| = 4, there must bey, z ∈ Aα such that y ≡ z mod β. However, considering all possible cases, thismeans that β | 2α, or (1 − i) | α, a contradiction. This proof not only shows thatthere exists a primary prime in Aα, but this primary prime is unique because wecannot have y ≡ z mod β for y, z ∈ Aα. �

Remarks 5.4. If α = a + bi is a primary prime, we can see that a is odd and b iseven. From now on, primes of type 1 or type 2 are assumed to be primary.

Proposition 5.5. Let p be a prime of type 2, then for any β ∈ Z[i], we have

βp ≡ β mod p.

Proof. Assume β = a+ bi, then we have

βp = (a+ bi)p =

p∑k=0

(p

k

)akbp−kip−k.

Since(pk

)is divisible by p for all k ≥ 1, we deduce that βp ≡ ap + bpip mod p.

By Fermat’s little lheorem for p ∈ Z, we have ap ≡ a mod p and bp ≡ b mod p.Moreover, since p = 4k+ 3 is a prime of type 2, ip = −1, and thus βp ≡ a− bi ≡ βmod p. �

Proposition 5.6. Let α = a+ bi be a prime of type 1 and p = a2 + b2 is a prime.Then for any β ∈ Z[i] we have

βp ≡ β mod p.

Proof. The proof is similar to that of proposition 5.5. �

Note that from proposition 5.5 we can also deduce that for any β relatively primeto p:

βp+1 ≡ ββ mod p

⇒ βp2−1 ≡ (ββ)p−1 mod p

⇒ βN(p) ≡ β mod p.

The final equation is a deduction from Fermat’s little lheorem because ββ ∈ Z.

16 HUNG HO

Proposition 5.5 and 5.6 imply the analogue statement of Fermat’s little theoremin the ring Z[i].

Corollary 5.7. Let α, β ∈ Z[i], where α is a prime. Then we have

βN(α) ≡ β mod α.

Note that corollary 5.7 can be proved directly without proposition 5.5 and 5.6.Denote Z[i]/Iα \ {0} = Tα. We know that for β ∈ Tα and every η ∈∈ Tα, thereexists a unique xη ∈ Tα such that βη ≡ xη mod α. From this we deduce that

βN(α)−1∏η∈Tα

η ≡∏η∈Tα

xη mod α

⇒ βN(α)−1 ≡ 1 mod α.

We will finish this section with the concept of primitive root modulo α.

Definition 5.8. Let α be a non-zero element of Z[i]. An element z ∈ Z[i] is calleda primitive root modulo α if for every u such that u and α are relatively prime,there exists an integer n such that

zn ≡ u mod α.

Definition 5.9. Let α, β ∈ Z[i] be relatively prime elements. The order of βmodulo α is the smallest positive integer k such that

βk ≡ 1 mod α.

Observe that by corollary 5.7 for every β that is relatively prime to α we alwayshave βN(α)−1 ≡ 1 mod α, therefore there always exists an order of β modulo α.We denote the order of β modulo α by ordα(β). It is easy to see that if ordα(β) = kthen βn ≡ 1 mod α if and only if k divides n (if not, then let n = kq + r, wherer < k and we deduce that βr ≡ 1 mod α, a contradiction).

Remarks 5.10. β is a primitive root modulo α if and only if ordα(β) = N(α).

Theorem 5.11. If α is a prime element of Z[i], then there always exists a primitiveroot modulo α.

Before proving theorem 5.11, we need the following lemmas.

Lemma 5.12. Let α ∈ Z[i], where α is a prime. Then for any polynomial P (x) ∈Z[x] of degree n such that the highest coefficient of P is relatively prime to α, thefollowing congruence equation has at most n solutions in Z[i]/Iα:

P (x) ≡ 0 mod α.

Proof. We will prove by induction on n. The claim is obviously true for n = 0,assume it is true for n = k, consider n = k+1. Assume for the sake of contradictionthat there exists P (x), degP = k + 1 and x0, x1, . . . , xk+1 ∈ Z[i]/Iα such thatP (xi) ≡ 0 mod α ∀ i. Since P ∈ Z[x], we can write Q(x) = P (x) − P (x0) =(x−x0)R(x), where R ∈ Z[x] is a polynomial of degree k. We know that Q(xi) ≡ 0mod p for all i = 1, 2, . . . , k + 1. However since xi 6≡ x0 mod α, it follows thatR(xi) ≡ 0 mod α for all i = 1, 2 . . . , k+1. This is a contradiction because degR =k, so by induction we cannot have k+ 1 solutions for R(x) ≡ 0 mod α. Hence theclaim is also true for n = k + 1, and thus true for all n. �

GAUSSIAN INTEGERS 17

Lemma 5.13. For any positive integer n, we have∑d | n

ϕ(d) = n.

Proof. For any d | n, let Sd = {x | x ∈ N, x ≤ d, gcd(x, d) = 1} and define thefollowing map:

fd : Sd → {1, 2, . . . , n}

x→ n

dx.

Denote fd(Sd) = Td. We wll prove Td ∩ Te = ∅ for distinct d, e | n. Indeed, assumeotherwise, there exists x0 ∈ Td ∩ Te. Then there exists y0 ∈ Sd and z0 ∈ Se suchthat x0 = n

d y0 = ne z0, or dz0 = ey0. Since gcd(d, y0) = gcd(e, z0) = 1, it folows

that d | e and e | d, so e = d, a contradiction. Hence Td ∩ Te = ∅ when d 6= e. Alsonote that Td ⊆ {1, 2, . . . , n} for all d, hence we deduce that∑

d | n

ϕ(d) =∑d | n

|Sd| 6 n.

Now we will show that for any m ∈ {1, 2, . . . , n}, there exists m1 | n and n1 ∈ Sm1

such that m = nn1m1. Let q = gcd(m,n) and write m = qm1, n = qn1, then

gcd(m1, n1) = 1 and m = nn1m1. In other words, for every m ≤ n, there exists

m1 | n and n1 ∈ Sm1such that fm1

(n1) = m. From this we deduce that

|n| ≤∑d | n

|Sd| =∑d | n

ϕ(d).

Therefore, we can conclude that∑d | n

ϕ(d) = n. �

Lemma 5.14. For every d | N(α)−1, the following equation has exactly d solutionsin Z[i]/Iα:

xd ≡ 1 mod α.

Proof. Let Sd = {xd mod α | x ∈ (Z[i]/Iα)\{0}}, then for any y ∈ Sd, yN(α)−1

d ≡ 1mod α, so by lemma 5.14,

|Sd| ≤N(α)− 1

d.

On the other hand, assume Sd = {d1, d2, . . . , dk}, for every i we denote

[di] = {x | x ∈ Z[i]/Iα, xd ≡ di mod α.}

We claim that |[di]| = d for all i. Indeed, again by lemma 5.12, we have |[di]| ≤ dfor all i. Now observe that [di] ∩ [dj ] = ∅ for i 6= j and

k⋃i=1

[di] = (Z[i]/Iα) \ {0}.

18 HUNG HO

so we deduce thatk∑i=1

|[di]| = N(α)− 1

⇒ kd ≥ N(α)− 1

⇒ k ≥ N(α)− 1

d.

Thus, we must have equalities everywhere, so |Sd| = N(α)−1d and |[di]| = d ∀ i =

1, 2, . . . , N(α)−1d . Obviously there exists i such that di ≡ 1 mod α, so the equation

xd ≡ 1 mod α has exactly d solutions in Z[i]/Iα. �

Corollary 5.15. Let d | N(α) − 1, then the number of x ∈ Z[i]/Iα such thatordα(x) = d is ϕ(d).

Proof. For d | N(α) − 1, let Od = {x ∈ Z[i]/Iα | ordα(x) = d}. Now considerthe equation xd ≡ 1 mod α with x ∈ Z[i]/Iα. By lemma 5.14, this equation hasexactly d solutions, and each solution x belongs to Oe for some e | d. Therefore,∑

e | d

|Oe| = d. (1)

This holds for every d | N(α) − 1. Assume there exists d such that |Od| 6= ϕ(d),choose the smallest d. Apparently d 6= 1. But then, because every divisor e of dthat is not d itself is strictly smaller than d, we have∑

e | de 6=d

|Oe| =∑e | de 6=d

ϕ(e).

By lemma 5.13, the right hand side is d−ϕ(d). Together with the equation at (1),we conclude that |Od| = d, a contradiction. Hence, |Od| = d for all d | N(α)−1. �

Theorem 5.11 follows immediately from corollary 5.15.

6. Quadratic Reciprocity

In this section, we will prove quadratic reciprocity laws for the ring Z[i]. Firstwe will recall important definitions and results about quadratic reciprocity laws forthe ring of integers.

Definition 6.1. Let p be a prime and a be any positive integer. We define theLegendre’s symbol(

a

p

)=

1 if there exists n ∈ Z such that n2 ≡ a mod p

0 if p divides a

−1 otherwise.

The Legendre symbol indicates whether a is a quadratic residue modulo p. It is

easy to see that(abp

)=(ap

)(bp

)and

(a2

p

)= 1.

Theorem 6.2. Let p, q be two odd primes. Then we have(p

q

)(q

p

)= (−1)

p−12

q−12 .

GAUSSIAN INTEGERS 19

Proposition 6.3 (Supplementary Laws). Suppose p is an odd prime. Then wehave:

(1)

(−1

p

)= 1 if and only if p = 4k + 1.

(2)

(−1

p

)= (−1)

p2−18 .

Theorem 6.2 is called the Gauss reciprocity law and is the most important resultregarding quadratic reciprocity over Z. We will apply the above laws to prove theanalogous laws in the ring Z[i].

Definition 6.4. Let α be a Gaussian prime and β be an arbitrary element of Z[i].We define the following symbol[

β

α

]=

1 if there exists η ∈ Z[i] such that η2 ≡ β mod α

0 if α divides β

−1 otherwise.

Similar to the Legendre symbol, the above symbol is also multiplicative. Nowwe introduce the Euler’s criterion for the ring Z[i].

Proposition 6.5. Let α be a prime of type 1 or 2 in Z[i] and β be an arbitraryelement of Z[i] not divisible by α. Then we have

βN(α)−1

2 ≡[β

α

]mod α.

Proof. Let η be the primitive root modulo α. Then for every β there exists a unique

d(β) such that ηd(β) ≡ β mod α. An easy observation is that[βα

]= 1 if and only

if d(β) is even. Moreover,

βN(α)−1

2 ≡ 1 mod α

⇔ ηd(β)N(α)−1

2 ≡ 1 mod α

⇔ d(β) ≡ 0 mod 2.

The last equation is due to the fact that η is a primitive root modulo α, henceηk ≡ 1 mod α if and only if k is divisible by N(α)− 1.

Now we conclude that βN(α)−1

2 ≡ 1 mod α if and only if[βα

]= 1, or β

N(α)−12 ≡

[βα

]mod α. �

Now observe that if α is a prime of type 2 then N(α) − 1 = α2 − 1, which is

divisible by 4, so for any integer r, rN(α)−1

2 is a perfect square. Therefore, if α is aprime of type 2, then any integer is a quadratic residue modulo α.

Corollary 6.6. Suppose α is a prime of type 2. Let r ∈ Z be relatively prime toα. We have: [ r

α

]= 1.

Proposition 6.7. Suppose α is a prime of type 1 and let r ∈ Z be relatively primeto α. Then we have [ r

α

]=

(r

N(α)

).

20 HUNG HO

Proof. We will prove that[ rα

]= 1 if and only if

(r

N(α)

)= 1. The reverse

direction is obvious since if there exists x ∈ Z such that r ≡ x2 mod N(α) thenwe also have r ≡ x2 mod α because α | N(α). For the forward direction, assume∃ η ∈ Z[i] such that r ≡ η2 mod α. By corollary 4.8, we know that there existsu ∈ Z such that η ≡ u mod α, hence r ≡ u2 mod α. This means that α | r − u2,

so by proposition 3.2, N(α) | r − u2. From this we conclude that(

rN(α)

)= 1. �

Proposition 6.7 is very useful in terms of relating quadratic reciprocity lawsin Z[i] to those of Z. For instance, from corollary 4.8 we know there exists u ∈{0, 1, . . . , N(α) − 1} such that u ≡ i mod α, so for any r, s ∈ Z, r + si ≡ r + sumod α. In terms of quadratic reciprocity, we have[

r + si

α

]=

(r + su

N(α)

).

Proposition 6.8. Suppose α = a + bi is a prime of type 1. Let p = N(α). Wehave: (

a

p

)= 1.

Proof. We know that a is odd and p = a2 = b2. Assume q1, q2, . . . , qk are all primedivisors of a such that the highest power of qi that divides a is odd for all i,. Inother words, there exists an odd number di such that qdii || a. Apparently, then(

a

p

)=

(q1q2 . . . qk

p

)=

k∏i=1

(qip

)By theorem 6.2 and the fact that p = 4k + 1, we have(

qip

)=

(p

qi

).

However, since p ≡ b2 mod qi for all i, we deduce that(pqi

)= 1, hence

(qip

)= 1

for all i. From this we conclude that(ap

)= 1. �

Corollary 6.9. With the above notations, we also have:(b

p

)=

(2

p

).

Moreover, using the same technique, if b = 2nc, where c is odd then

(c

p

)= 1.

Theorem 6.10. Let α, β be two different primes that are not type 3 in Z[i]. Thenwe have [

β

α

]=

[α

β

].

Proof. Consider the following cases:

(a) α, β are both primes of type 2.

It follows easily from corollary 6.6 that[βα

]=[αβ

]= 1.

GAUSSIAN INTEGERS 21

(b) α, β are both primes of type 1.Let α = a+ bi and β = c+ di. Let u, v ∈ Z such that u ≡ i mod α and v ≡ imod β. Note that from u ≡ i mod α we have

bu ≡ bi mod α

⇒ bu ≡ −a mod α

⇒ bu ≡ −a mod a2 + b2.

The last equation is due to proposition 3.2. Similarly we have dv ≡ −cmod c2 + d2. Now by proposition 6.7 and corollary 6.9, we have:[

β

α

]=

(c+ du

a2 + b2

)⇒[β

α

](b

a2 + b2

)=

(bc− ada2 + b2

)⇒[β

α

]=

(2

a2 + b2

)(bc− ada2 + b2

).

Similarly, we can also prove[α

β

]=

(2

c2 + d2

)(bc− adc2 + d2

).

So it suffices to show(2

c2 + d2

)(bc− adc2 + d2

)=

(2

a2 + b2

)(bc− ada2 + b2

)Let b = 2b0 and d = 2d0. It remains to show that(

b0c− ad0c2 + d2

)=

(b0c− ad0a2 + b2

).

Let b0c−ad0 = 2ke, where e is odd. Because 4(b0c−ad0)2+(ac+4b0d0)2 = (a2+b2)(c2 + d2), by repeating the same argument used in the proof of proposition

6.7, we know that

(e

c2 + d2

)=

(e

a2 + b2

)= 1. If b0+d0 is odd, then b0c−ad0

is also odd because a and c are odd, and we are done. Otherwise, if b0 + d0 iseven, then 4(b20 − d20) is divisible by 8, and since a2 − c2 is also divisible by 8because both a and c are odd, we deduce that N(α) −N(β) is divisible by 8.

Hence, N(α)2 ≡ N(β)2 mod 16, which means that (−1)N(α)2−1

8 = (−1)N(β)2−1

8 .By proposition 6.8, it follows that(

2

a2 + b2

)=

(2

c2 + d2

).

Therefore, either case we will eventually have(b0c−ad0c2+d2

)=(b0c−ad0a2+b2

). This

completes our proof.(c) α is a prime of type 1 and β is a prime of type 2.

e have β ∈ Z, so by proposition 6.7[β

α

]=

(β

N(α)

)= 1.

22 HUNG HO

But by theorem 6.2 and the fact that N(α) is a prime of the form 4k+ 1 in Z,we have (

N(α)

β

)=

(β

N(α)

)= 1.

So it suffices to show that(N(α)β

)= 1 if and only if

[αβ

]= 1. The reverse

direction is trivial, because if we assume there exists η ∈ Z[i] such that η2 ≡ αmod β, then we also have η2 ≡ α mod β, and thus

N(α) ≡ N(η)2 mod β.

For the forward direction, assume there exists s ∈ Z such that s2 ≡ N(α)mod β. By proposition 5.5, we have αβ+1 ≡ N(α) mod β. Therefore,

αβ+1 ≡ s2 mod β

⇒ αN(β)−1

2 ≡ sp−1 mod β

⇒ αN(β)−1

2 ≡ 1 mod β.

The last equation is due to Fermat’s little theorem, and now we can conclude

from Euler’s criterion that

[α

β

]= 1.

�

Acknowledgement

It is a great pleasure to thank my mentor, Tung Nguyen, for helping me through-out the REU program. This paper would not have been completed without his in-valuable support and guidance. I’d also want to thank Professor Peter May and theUniversity of Chicago for providing us with such a great learning and researchingexperience.

References

[1] David Steven Dummit and Richard M. Foote. Abstract Algebra. 3rd ed. Hoboken, NJ : Wiley,

c2004. 1991.[2] Kenneth Ireland and Michael Rosen A Classical Introduction to Modern Number Theory

Springer, 1990.